
Page 1: An Example Protocol for FastAKM

doc.: IEEE 802.11-10/0059r1
Submission, January 2010
Hiroki Nakano, Trans New Technology, Inc. (slide footer on every page)

Date: 2010-01-19

Authors:

Name | Company | Address | Phone | email
Hiroki NAKANO | Trans New Technology, Inc. | Sumitomo-Seimei Kyoto Bldg. 8F, 62 Tukiboko-cho Shimogyo-ku, Kyoto 600-8492 JAPAN | +81-75-213-1200 | cas.nakano@gmail.com, cas@trans-nt.com
Hitoshi MORIOKA | ROOT Inc. | #33 Ito Bldg. 2-14-38 Tenjin, Chuo-ku, Fukuoka 810-0001 JAPAN | +81-92-771-7630 | hmorioka@root-hq.com
Hiroshi MANO | ROOT Inc. | 8F TOC2 Bldg. 7-21-11 Nishi-Gotanda, Shinagawa-ku, Tokyo 141-0031 JAPAN | +81-3-5719-7630 | hmano@root-hq.com

Page 2: Abstract

The FastAKM framework reduces the time needed to set up an association between an AP and a non-AP STA. This shortens the blackout time on handover and makes VoIP usable in an 802.11 "mobile" environment.

We show its technical feasibility in this presentation by introducing a trial implementation of FastAKM, which establishes an association between an AP and a non-AP STA with a single round-trip exchange of management frames.

Page 3: Requirements

• Employ just ONE round-trip exchange of frames
  – STA to AP, then AP to STA
• Do everything needed to start the user's data exchange
  – Association
  – Authentication
  – Key Exchange
• No direct contract between AP and non-AP STA
  – An 'Authentication Server' mediates between AP and non-AP STA
  – For separation of service providers and AP infrastructure
• Possibly compatible with the existing 802.11 framework
  – Old STAs can still operate alongside it.

Page 4: An Example Procedure by 802.11-2007

Sequence diagram with three participants (STA, AP, RADIUS Server):

 1. AP → STA: Beacon
 2. STA → AP: Probe Request
 3. AP → STA: Probe Response
 4. STA → AP: Open System Authentication
 5. AP → STA: Open System Authentication
 6. STA → AP: Association Request
 7. AP → STA: Association Accept
 8. STA → AP: EAPOL-Start
 9. AP → STA: EAP-Request/Identity
10. STA → AP: EAP-Response/Identity; AP → RADIUS: RADIUS-Access-Request/Identity
11. RADIUS → AP: RADIUS-Access-Challenge/TLS-Start; AP → STA: EAP-Request/TLS-Start
12. STA → AP: EAP-Response/TLS-client Hello; AP → RADIUS: RADIUS-Access-Request/Pass Through
13. RADIUS → AP: RADIUS-Access-Challenge/Server Certificate; AP → STA: EAP-Request/Pass Through
14. STA → AP: EAP-Response/Client Certificate; AP → RADIUS: RADIUS-Access-Request/Pass Through
15. RADIUS → AP: RADIUS-Access-Challenge/Encryption Type; AP → STA: EAP-Request/Pass Through
16. STA → AP: EAP-Response; AP → RADIUS: RADIUS-Access-Request
17. RADIUS → AP: RADIUS-Access-Accept; AP → STA: EAP-Success
18. AP ↔ STA: EAP-Key

Page 5: Complaint about the Procedure…

The same sequence diagram as Slide 4 (STA, AP, RADIUS Server; Beacon through RADIUS-Access-Accept), annotated with three complaints:

• Probe process is optional
• Any other framework than EAPOL??
• Open System auth. is meaningless

Page 6: Solution?

• We investigated and tried implementing the two ideas below.
  – Trial 1: Omit the Pre-RSNA Auth. Process
  – Trial 2: Piggyback Auth. Info. onto Association Request/Response

Page 7: Trial 1: Omit the Pre-RSNA Auth. Process

• We use "Open System" authentication of the Pre-RSNA framework at any time.
  – Is anyone still using Shared Key auth?
• "Open System auth. is a null auth. algorithm. Any STA requesting Open System auth. may be authenticated"
  (quoted from 802.11-2007 section 8.2.2.2)
• Nevertheless, it costs ONE round-trip time to do that!
• The standard should be changed to allow the Association process to run without the Open System authentication process.
  – Does any problem occur?

Page 8: Reason for the existence of Open System auth.

Page 9: 802.11-2007 Figure 11-6

[Figure 11-6 of 802.11-2007 reproduced on the slide]

Page 10: Modified Figure?

[Modified version of Figure 11-6; label in the figure: "Successful Association with FastAKM"]

Page 11: Trial 2: Piggyback Auth. Info. onto Association Request/Response

• Can "Mutual Authentication" be done with just A round-trip of Association Request/Response?
  – "Single Round-trip Authentication" is a common problem.

Sequence diagram with three participants (STA, AP, Authentication Server); parentheses mark optional frames:

1. AP → STA: Beacon
2. STA → AP: (Probe Request)
3. AP → STA: (Probe Response)
4. STA → AP: Authentication (Open System)
5. AP → STA: Authentication (Open System)
6. STA → AP: Association Request
7. AP → Authentication Server: Access Request
8. Authentication Server → AP: Access Response
9. AP → STA: Association Response (Accept)

Page 12: Supposed Service Model

Three parties: the user (non-AP STA), the Service Provider (which runs the Authentication Server), and the AP infrastructure.

• User ↔ Service Provider: Contract to provide wireless access via AP infrastructure. They share information to identify each other properly, e.g. username, password, digital certificate, etc.
• Service Provider ↔ AP infrastructure: Contract to provide wireless access to users specified by the Authentication Server (i.e. the Service Provider). They set up a secure communication channel to exchange information about users.
• User ↔ AP infrastructure: No Contract. Only the real wireless communication channel; the AP provides wireless access at the request of the Service Provider.

Page 13: Technical Prerequisite

• Station (non-AP STA) ↔ Authentication Server (AS): information shared
  – to identify each other and
  – to exchange data securely
• Access Point (AP) ↔ Authentication Server (AS):
  – Secure communication pipe
  – Information shared to identify each other
• Station (non-AP STA) ↔ Access Point (AP): wireless communication only

Page 14: Association and Authentication Procedure

• STA → AP (piggybacked on the Association Request)
  – Auth. Server Selector = name of the Auth. Server
  – User Information Pack, passed through the AP toward the Auth. Server
    • User Identifier and a kind of digital signature
    • Session key encrypted with a secret shared with the Auth. Server
    • Countermeasure against replay attack
• AP → AS
  – User Information Pack
• AS → AP
  – Plain (decrypted) session key
• AP → STA (piggybacked on the Association Response)
  – Proof that the AP holds the legitimate session key
  – Group key

Page 15: Frame Exchange for Authentication

Participants: Station (non-AP STA), Access Point (AP), Authentication Server (AS).

1. STA → AP: Auth. Server Selector, plus the User Information Pack
   - User Identifier
   - a kind of digital signature
   - Session key encrypted with a secret shared with the Auth. Server
   - Countermeasure against replay attack
2. AP → AS: User Information Pack; AS → AP: Plain (decrypted) session key
3. AP → STA:
   - Proof that the AP holds the legitimate session key
   - Group key
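The three-step exchange of slides 14 and 15, worked through as an added Python example; this is not the authors' net80211 code. It assumes that HMAC-SHA256 under a secret shared by STA and AS stands in for the slides' "kind of digital signature", that an HMAC-derived one-time keystream stands in for the cipher protecting the session key, and that the replay countermeasure is a monotonically increasing per-user counter checked by the AS; the identities alice@sp.example and as.sp.example, the secrets and the group key are constructed. Beyond the happy path it shows what the AS has to do with a replayed pack and a tampered one, which the slides name but do not detail.

```python
"""Model of the single round-trip FastAKM exchange (slides 14/15).
Added example, not the authors' code.  Assumptions: HMAC-SHA256 models the
"kind of digital signature"; XOR with an HMAC-derived keystream models the
encryption of the session key under the STA/AS secret; a per-user counter
is the replay countermeasure.  All identities and secrets are constructed."""
import hashlib
import hmac
import os
import struct


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed PRF used for both the signature and the keystream."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def wrap(key: bytes, label: bytes, nonce: bytes, data32: bytes) -> bytes:
    """XOR a 32-byte value with a keystream bound to (key, label, nonce).
    Stand-in for a real key wrap; calling it again unwraps."""
    if len(data32) != 32:
        raise ValueError("wrap() handles exactly 32 bytes")
    return bytes(a ^ b for a, b in zip(prf(key, label, nonce), data32))


class Station:
    def __init__(self, user_id: bytes, secret: bytes, as_name: bytes):
        self.user_id, self.secret, self.as_name = user_id, secret, as_name
        self.counter = 0             # replay countermeasure (slide 14)
        self.session_key = None

    def association_request(self) -> dict:
        """Elements piggybacked on the Association Request (step 1)."""
        self.counter += 1
        self.session_key = os.urandom(32)
        ctr = struct.pack(">Q", self.counter)
        wrapped = wrap(self.secret, b"wrap", ctr, self.session_key)
        body = self.user_id + ctr + wrapped
        pack = {"user_id": self.user_id, "counter": ctr,
                "wrapped_key": wrapped, "sig": prf(self.secret, b"sig", body)}
        return {"as_selector": self.as_name, "uip": pack}

    def association_response(self, resp: dict):
        """Verify the AP's proof of the session key; return the group key."""
        if resp["status"] != "accept":
            return None
        expected = prf(self.session_key, b"ap-proof", resp["ap_nonce"])
        if not hmac.compare_digest(expected, resp["proof"]):
            return None              # AP does not hold our session key
        return wrap(self.session_key, b"gtk", resp["ap_nonce"], resp["wrapped_gtk"])


class AuthServer:
    def __init__(self, users: dict):
        self.users = users           # user_id -> shared secret
        self.last_counter = {}       # user_id -> highest counter accepted

    def access_request(self, uip: dict):
        """Check the User Information Pack; return the plain session key."""
        secret = self.users.get(uip["user_id"])
        if secret is None:
            return None
        body = uip["user_id"] + uip["counter"] + uip["wrapped_key"]
        if not hmac.compare_digest(prf(secret, b"sig", body), uip["sig"]):
            return None              # forged or tampered pack
        ctr, = struct.unpack(">Q", uip["counter"])
        if ctr <= self.last_counter.get(uip["user_id"], 0):
            return None              # replayed pack
        self.last_counter[uip["user_id"]] = ctr
        return wrap(secret, b"wrap", uip["counter"], uip["wrapped_key"])


class AccessPoint:
    def __init__(self, servers: dict, gtk: bytes):
        self.servers, self.gtk = servers, gtk    # as_name -> AuthServer

    def handle_association(self, req: dict) -> dict:
        """Relay the pack to the selected AS (step 2), answer the STA (step 3)."""
        server = self.servers.get(req["as_selector"])
        sk = server.access_request(req["uip"]) if server else None
        if sk is None:
            return {"status": "refused"}
        nonce = os.urandom(16)
        return {"status": "accept", "ap_nonce": nonce,
                "proof": prf(sk, b"ap-proof", nonce),
                "wrapped_gtk": wrap(sk, b"gtk", nonce, self.gtk)}


def demo() -> dict:
    """One good association, then a replayed and a tampered request."""
    secret = b"\x11" * 32                        # constructed STA/AS secret
    gtk = b"\x22" * 32                           # constructed group key
    as_ = AuthServer({b"alice@sp.example": secret})
    ap = AccessPoint({b"as.sp.example": as_}, gtk)
    sta = Station(b"alice@sp.example", secret, b"as.sp.example")
    req = sta.association_request()
    first = ap.handle_association(req)
    got_gtk = sta.association_response(first)
    replay = ap.handle_association(req)           # same frame sent again
    bad = sta.association_request()
    bad["uip"]["sig"] = bytes(32)                 # tampered signature
    tampered = ap.handle_association(bad)
    return {"gtk_ok": got_gtk == gtk, "first": first["status"],
            "replay": replay["status"], "tampered": tampered["status"]}


if __name__ == "__main__":
    print(demo())
```

The AS checks the signature before it looks at the counter, so a forged frame cannot advance the stored counter and lock out the real user; the STA's proof check fails for a replayed Association Response because every request carries a fresh session key.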

Page 16: An Example Implementation

• OS: NetBSD 5.0.1 (i386)
• Upper MAC Layer: NetBSD's net80211
• WLAN Chipset: Atheros Communications AR5212
• About 200 lines of C added.

Page 17: Difference from 802.11-2007

• Additional state transition to skip Open System Auth.
  – Figure 11-6—Relationship between state variables and services
• Two additional elements in Table 7-26 Element IDs
  – Authentication Server Selector (240, temporarily)
  – User Information Pack (241, temporarily)
• RSN with the key obtained by the new FastAKM framework
  – 7.3.2.25 RSN information element (for Beacon and Probe Response)
  – Both Group and Pairwise Cipher Suites are set to CCMP.
  – AKM Suite is set to the brand-new one!
    • Define a new AKM Suite (00-d0-14-01 is used temporarily.)
    • To be assigned officially in Table 7-34 AKM suite selectors in future…
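How the RSN element and the two provisional elements listed on this slide would be encoded and checked, as an added Python example; it is not the authors' net80211 code. It follows the field layout of 802.11-2007 7.3.2.25 and takes the provisional values from the slide (element IDs 240 and 241, AKM selector 00-d0-14-01); the constant names, the as.sp.example string and the dummy pack bytes are assumptions made for the example.

```python
"""RSN element for the FastAKM trial (slide 17): CCMP for both cipher
suites, the provisional AKM selector 00-d0-14-01, and the two provisional
elements (240/241) added to the Association Request.  Added example, not
the authors' code; provisional numbers are from the slide, not official."""
import struct

EID_RSN = 48
EID_AUTH_SERVER_SELECTOR = 240    # provisional value from the slide
EID_USER_INFO_PACK = 241          # provisional value from the slide
CCMP = bytes.fromhex("000fac04")           # OUI 00-0F-AC, suite type 4
AKM_8021X = bytes.fromhex("000fac01")      # 802.1X AKM, for contrast
AKM_FASTAKM = bytes.fromhex("00d01401")    # provisional selector from slide


def element(eid: int, body: bytes) -> bytes:
    """Generic 802.11 element: ID, one-byte length, body."""
    if len(body) > 255:
        raise ValueError("element body too long")
    return bytes((eid, len(body))) + body


def build_rsne(group=CCMP, pairwise=(CCMP,), akm=(AKM_FASTAKM,), caps=0) -> bytes:
    body = struct.pack("<H", 1) + group                        # version 1
    body += struct.pack("<H", len(pairwise)) + b"".join(pairwise)
    body += struct.pack("<H", len(akm)) + b"".join(akm)
    body += struct.pack("<H", caps)                            # RSN capabilities
    return element(EID_RSN, body)


def parse_elements(buf: bytes) -> list:
    """Split a frame body into (eid, body) pairs, rejecting truncation."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated element header")
        eid, ln = buf[i], buf[i + 1]
        if i + 2 + ln > len(buf):
            raise ValueError("element length runs past end of frame")
        out.append((eid, buf[i + 2:i + 2 + ln]))
        i += 2 + ln
    return out


def parse_rsne(body: bytes) -> dict:
    off = 0

    def take(n):
        nonlocal off
        if off + n > len(body):
            raise ValueError("truncated RSNE")
        chunk = body[off:off + n]
        off += n
        return chunk

    version, = struct.unpack("<H", take(2))
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    group = take(4)
    npair, = struct.unpack("<H", take(2))
    pairwise = [take(4) for _ in range(npair)]
    nakm, = struct.unpack("<H", take(2))
    akm = [take(4) for _ in range(nakm)]
    caps = struct.unpack("<H", take(2))[0] if off + 2 <= len(body) else 0
    return {"version": version, "group": group, "pairwise": pairwise,
            "akm": akm, "caps": caps}


def sta_accepts(rsne_body: bytes) -> bool:
    """STA-side check of a Beacon/Probe Response RSNE before trying FastAKM:
    CCMP for both suites and the FastAKM AKM must be advertised."""
    r = parse_rsne(rsne_body)
    return r["group"] == CCMP and CCMP in r["pairwise"] and AKM_FASTAKM in r["akm"]


def build_fastakm_assoc_elements(as_name: bytes, user_info_pack: bytes) -> bytes:
    """Elements the trial adds to the Association Request body."""
    return (build_rsne()
            + element(EID_AUTH_SERVER_SELECTOR, as_name)
            + element(EID_USER_INFO_PACK, user_info_pack))


def is_well_formed(buf: bytes) -> bool:
    try:
        parse_elements(buf)
        return True
    except ValueError:
        return False
```

The length checks in parse_elements and parse_rsne matter on the AP side in particular: the User Information Pack is opaque data from an unauthenticated STA, so the driver must bound every element and suite count against the received frame before copying anything into the pack it relays to the AS.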

Page 18: Conclusion

• Not so many changes are needed to enable the FastAKM framework.
• We need more technical discussion
  – to build and verify the authentication method
  – about any effects of changing the standard
  – to write down a detailed specification

Page 19: Straw Poll

"Does WNG think that we need a tutorial session exploring the need for support for mobile communication?"

• Yes:
• No: 0
• Don't Care: